As I wear so many hats, I find it being necessary to somewhere express my personal view on things. This is the location where that happens. Postings on this blog, or at Facebook, Twitter etc, falls under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

Meta

How integrity is (no longer?) protected on the Internet

I am myself as my readers know not a lawyer so I write this as a way to trigger a renewed debate about integrity.

One of the key elements of Human Rights is integrity, and integrity related issues. The right to be able to not only say whatever one wants, but also to be able to do so without being monitored. Reason why monitoring is so closely related to freedom of expression issues is that just the knowledge that monitoring can take place has a negative impact on the interest of expression. It puts a wet blanket over communication. It decreases the trust in the communication mechanisms, and decreased trust in Internet based tools have negative impact on growth, evolution of society and because of this negative impact on productivity and growth of GNP of the society.

In Sweden integrity is based on a few very simple fundamental mechanisms:

Limitation on what data is to, and is allowed to, be collected by providers of services, and very specific specification on to what purpose the data is collected

Limitation on who can request data from the initial storage, and what decisions are needed by whom to create a proper request

Limitation on what crime or action or other activities can be the basis for a request to get the information

Economical cost for the one that request the information, where each requests costs money, so that increased number of requests do have economical budget impact

What has happened during the last couple of years is that we outside of the telecommunication and internet discussions the rules we have had have slowly changed. Various proposals have changed these protection mechanisms of integrity.

The proposals are not mainly related to grooming or child abuse. They have as a goal to undermine and change our society respect for integrity.

And the counter reactions are not in favor of illegal copying of music. They have as a goal to ensure our basic ethical values regarding protection of integrity is what it is.

This worries me. A lot. I.e. that these changes happens, and that the fight is ongoing, without much specific discussion.

Or, there is discussion in Sweden. Where the Foreign Ministry and Ministry of Energy, Enterprise and Communication is in strong favor of keeping the existing rules. In favor of discussing for example how we can fight crime in cyberspace without changing our base values for protection of integrity. How we can shape the future of the society where IPR protection and payment for services and products might look different from today. How we can shape the future where we see local actors act in a global world where a one person company in Rwanda have the same ability to provide services to customers all over the world as a one person company in Kista outside Stockholm. How we can balance requests for corporate social responsibility with regulation. How we can live together in the world with less stress when 25% or more of the population of Sweden is outside the soil we call Sweden and because of that interact every day with individuals that might share or not the values and norms that shape every days life.

But the discussion does not involve all parts of the society. And not even all parts of the government as it feels.

There have been legislations, or proposals to legislations, that changes the rules we have today.

The limitations of data that is to be stored is changed by the data retention directive. The proposal in Sweden is I think relatively ok as the basis for it really manifests one of the portal rules in the directive, that no one is to store data about services they do not provide themselves. That is not the case in all member states. For example not in Denmark. Still, this is a change from the rules we had before. That data is to be removed when it is not needed anymore. But we also have some changes regarding wiretap and ability that disturbs many.

The limitations of who can request the data has earlier only been police and law enforcement agencies and similar organizations that already have strong requirements on them (and audit processes) to manage such data. But IPRED did change this to increase the ability for non-LEA to request the data. This is specifically in Sweden a very big change because civil court cases are very unusual.

The limitations on what crime must be the basis for handing over the data has in Sweden been based on the maximum crime value. I claim it has been as for wiretap, 2 years in prison, but in some cases maybe prison sentence at all have been enough. Regardless, there is now a proposal in front of the parliament that is to completely remove this barrier. So that data can be handed out regardless of value of the crime.

The economical cost for handing over the data has by the market been set to around €80 per request. Maybe €50, maybe €100. I do not exactly know. But the regulator PTS is today working on a text talking about what an appropriate cost is related to the implementation of the data retention directive. If I do not remember wrong, it is about €80 at the moment that is discussed there. But, if the number of requests increases with a factor 100, does that imply the cost should be decreased?

Yes, I am very annoyed over the fact these changes happens [in Sweden] while we do have a constructive dialogue. A dialogue that exists just because strong ministers (all three in the Foreign Ministry plus Anna-Karin Hatt in the Ministry of Energy, Enterprise and Communication) understand these issues. Understand that these issues are tied together. And are tied together with the evolution of the society, growth, trust and therefore sustainability.

I am invited to a number of meetings that continues these discussions. And there are so many that I can not even participate on site for all of them! Swedish Government is on top of all main driver and/or host for an impressive number of them first half of 2012!

But why why why do changes happens that are not aligned with the findings in these human rights based discussions?

2 comments to How integrity is (no longer?) protected on the Internet

There is a disjointness of common concepts in society between the digital and the physical world. The discussion regarding information ownership and the right to information should not be divided by the line separating the physical and the digital world. Lawmakers need to address the higher level problem – ownership and the right to access data by other entities – and then make sure that the rights are applied to both the digital world and the physical world in identical fashion. Not doing so would be discriminatory, leave gaps open for interpretation and evasion, and at risk for violating human rights.

Having a background of having grown up in Sweden, but since spent time across a wide range of countries, I’ve found the concept of integrity as well as related cultural perspective varying quite significantly to the point where it questions whether constructive dialogue is always possible as the first instance. In some countries, anyone with enough power and/or influence can by relevant data on an individual and use as they wish and there is little the individual can do to question it. In an unfortunate incident I’ve also experienced how people of power can use their connections with companies to leverage more information so the question of data and integrity – this is not just limited to e.g. non-western countries. All it can take for that to happen is that the concept of asking questions and having open dialogue, rather than being seen as constructive or demonstrating interest in understanding better, it being seen as questioning corporations and governments, this being a cause for suspicion and seen as troublemaking thus giving the need to collect data both on the internet and offline.

While this is an isolated incident, I would agree with Erik’s post above at the same time as I wonder how it can be applied globally when cultural perspective has an impact on how integrity is understood and practised (or not practised).